Re: [Csnd-dev] Seeking help! with 2FA
| Date | 2023-11-27 15:06 |
| From | Rory Walsh |
| Subject | Re: [Csnd-dev] Seeking help! with 2FA |
I'm using Google Authenticator on my Android phone. It seems to work fine for me. But I got lucky I think. It just worked without me having to do anything. I simply installed it, set the account to use the same email address that I use in github, and now whenever I need to sign into github from a new device, my phone gets pinged the code.

On Mon, 27 Nov 2023 at 15:22, John ff <jpff@codemist.co.uk> wrote:
> You may have noticed that Github are moving to 2FA (the first of the
| Date | 2023-11-27 15:22 |
| From | John ff |
| Subject | [Csnd-dev] Seeking help! with 2FA |
You may have noticed that Github are moving to 2FA (the first of the TLA and ETLAs)
So I need to join whatever this is.

I installed freeOTP on my mobile phone and on my tablet, hoping that would help, but it just sits quietly lurking but no interaction.

So far I have tried to follow the instructions but have failed almost immediately. The Github page offers a QR code and I did manage to scan it. The response was to say the encryption was too weak and I should not use it.

So what next? Nothing seems to work.

Clearly I am getting too old to use a modern computer.... Please help, someone

==John ffitch
| Date | 2023-11-27 16:37 |
| From | Steven Yi |
| Subject | Re: [Csnd-dev] Seeking help! with 2FA |
I also use Google Authenticator; I scanned the QR code and then it generates a new code every 60 seconds.

On Mon, Nov 27, 2023 at 11:06 AM Rory Walsh <rorywalsh@ear.ie> wrote:
| Date | 2023-11-28 19:49 |
| From | rasmus ekman |
| Subject | Re: [Csnd-dev] Seeking help! with 2FA |
Hi,
So gitlab (Microsoft) recently made it slightly harder to share code freely.
They make it look like you need some special app to generate OTP codes, but it's just a sort-of-standard algo.
Here's a python script to generate your 6-digit 2FA/OTP code, just run it whenever you need to log in.
SETTING UP
On your gitlab user page there's a button to get started using 2FA on your account.
There will be a popup window that shows a secret seed code (I think capital case letters only).
Paste this in the below script where it says
'16-char secret here'
Then run the script and answer with the 6-digit output.
You might need to get next code a couple times if it fails, the output changes every 30 secs.
PS: After successful joinup, you get a bunch of recovery codes, you might want to paste them somewhere safe.
The script is not my work, just adapted from 2-3 sources (there are many).
Regards,
/rasmus
##### Begin OTP-generator.py #####
#!/usr/bin/env python3
import hashlib
import hmac
import time
from base64 import b32decode
from math import floor

corporations = {
    'github username hint': '16-char secret here',  # Don't publish this...
    # you can add more "accounthint": "secret" pairs here
}

# Config params - the most common choices
DIGEST_METHOD = hashlib.sha1
UPDATE_PERIOD = 30  # secs
OUTPUT_DIGITS = 6


def decode_secret(secret):
    # Base32 input must be a multiple of 8 chars; restore stripped "=" padding
    missing_padding = len(secret) % 8
    if missing_padding != 0:
        secret += "=" * (8 - missing_padding)
    return b32decode(secret, casefold=True)


def int_to_bytestring(i: int, padding: int = 8) -> bytes:
    """
    Turns an integer to the OATH specified bytestring,
    which is fed to the HMAC along with the secret
    """
    result = bytearray()
    while i != 0:
        result.append(i & 0xFF)
        i >>= 8
    # It's necessary to convert the final result from bytearray to bytes
    # because the hmac functions in python 2.6 and 3.3 don't work with bytearray
    return bytes(bytearray(reversed(result)).rjust(padding, b"\0"))


def get_timestamp(timestep=UPDATE_PERIOD):
    # Number of whole time steps since the Unix epoch
    now_in_seconds = floor(time.time())
    t = floor(now_in_seconds / timestep)
    return int(t)


def get_otp(secret, challenge=None):
    # Take the time step at call time, not once when the function is defined
    if challenge is None:
        challenge = get_timestamp()
    hasher = hmac.new(decode_secret(secret), int_to_bytestring(challenge), DIGEST_METHOD)
    hmac_hash = bytearray(hasher.digest())
    # Dynamic truncation: the low nibble of the last byte selects a 4-byte window
    offset = hmac_hash[-1] & 0xF
    code = (
        (hmac_hash[offset] & 0x7F) << 24
        | (hmac_hash[offset + 1] & 0xFF) << 16
        | (hmac_hash[offset + 2] & 0xFF) << 8
        | (hmac_hash[offset + 3] & 0xFF)
    )
    # Keep the last OUTPUT_DIGITS decimal digits, preserving leading zeros
    str_code = str(10_000_000_000 + (code % 10**OUTPUT_DIGITS))
    return str_code[-OUTPUT_DIGITS:]


output = ''
for key, secret in corporations.items():
    output += f'{key}: {get_otp(secret)}\n'
print(output)
##### END 2FA CODE-GEN SCRIPT #####
On 2023-11-27 at 16:22, John ff wrote:
> You may have noticed that Github are moving to 2FA (the first of the
> TLA and ETLAs)
> So I need to join whatever this is.
>
> I installed freeOTP on my mobile phone and on my tablet, hoping that
> would help. but it just sits quietly lurking but no interaction.
>
> So far I have tried to follow the instructions but have failed almost
> immediately. The Github page offers a QR code and I did manage to
> scan it. The response was to say the encryption was too weak and I
> should not use it.
>
> So what next? Nothing seems to work.
>
> Clearly I am getting too old to use a modern computer.... Please
> help, someone
>
> ==John ffitch